[MajorSecurity SA-079] PHPKIT WCMS - Multiple stored Cross Site Scripting Issues
Product: PHPKIT WCMS
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.phpkit.com/
Advisory-Status: published
Discovered by: David Vieira-Kurz of MajorSecurity
http://www.majorsecurity.net/phpkit-wcms-xss-stored.php
PHPKIT WCMS 1.6.5
Prior versions may also be vulnerable
"PHPKIT WCMS is a Content Management System."
We at MajorSecurity have discovered some vulnerabilities in PHPKIT WCMS 1.6.5, which can be exploited by
malicious people to conduct persistent cross-site scripting attacks. Input passed directly to the
"gbook_welcome" parameter in "/de/pk/include.php?path=config&mode=guestbook" and to the "rss_page_text"
parameter in "/de/pk/include.php?path=config&mode=rssfeed" is not properly sanitised before being stored and
returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser
session in the context of an affected site.
Web applications should never trust user-generated input and should therefore sanitize all input. Edit the
source code to ensure that input is properly sanitised.
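An added example (not from this advisory or from PHPKIT's source) of the fix described above: validate the
value when it is saved and encode it for the output context when it is rendered. The helper names, the length
limit and the assumption that "gbook_welcome" is rendered into HTML and "rss_page_text" into the RSS XML are
illustrative; it assumes PHP 7 or later with the mbstring extension.

```php
<?php
// Added example; helper names are hypothetical and not part of PHPKIT.

/** Validate a setting when it is saved: valid UTF-8, bounded length, no control characters. */
function normalise_setting(string $raw, int $maxLen = 2000): string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('setting is not valid UTF-8');
    }
    // Drop control characters except tab, LF and CR.
    $clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw);
    if ($clean === null || mb_strlen($clean, 'UTF-8') > $maxLen) {
        throw new InvalidArgumentException('setting rejected');
    }
    return $clean;
}

/** Encode for an HTML element body or a quoted attribute value. */
function encode_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Encode for an XML text node, such as an RSS <description>. */
function encode_for_xml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_XML1, 'UTF-8');
}

// Constructed sample values standing in for the two stored settings.
$stored = [
    'gbook_welcome' => normalise_setting('Welcome! <script>alert(1)</script>'),
    'rss_page_text' => normalise_setting('News & updates <img src=x onerror=alert(1)>'),
];

// Assumed rendering contexts: guestbook page (HTML) and feed (XML).
echo '<p class="gbook-welcome">', encode_for_html($stored['gbook_welcome']), "</p>\n";
echo '<description>', encode_for_xml($stored['rss_page_text']), "</description>\n";
```

If a setting must carry markup, output encoding alone is not suitable and an allow-list HTML sanitizer is
needed instead.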
MajorSecurity is a German source code audit and penetration test company which focuses on (web) application
security. We offer professional source code audits, penetration tests and PCI DSS compliance tests. Visit us at
http://www.majorsecurity.net/source-code-audit.php